Re: Programmatically installing Client Root Certificates

From: Sergio Dutra [MS] (
Date: 07/09/04

  • Next message: lelteto: "RE: More about sign CSP"
    Date: Fri, 9 Jul 2004 08:37:16 -0700

    You install root certificates into the "root" store. "root" is the name you
    pass in to CertOpenStore, then use CertAddCertificateContextToStore to add
    the certificate to the root store.

    Note that certificates in the root store must be self-signed. Also, the user
    will get a dialog prompting for acceptance or rejection of the certificate
    prior to it being installed. If the user rejects the certificate, it will
    not be added to the root store.

    This posting is provided "AS IS" with no warranties, and confers no rights.
    Use of included script samples are subject to the terms specified at
    "kr" <> wrote in message
    >I have come accross some CertXYZ API that I thought could be used to 
    >install CA Root Certificates on the client machine.
    > Assuming that these are the correct API for this purpose...
    > what would be the correct certificate store that should be used to store 
    > the root certificates? I have tried some sample code to enumerate 
    > installed certs for store "CA" but I have noticed a bunch of store names 
    > including "root" when I enumerated stores.
    > I am assuming that once installed, this can be used to create the 
    > CERT_CONTEXT to be passed in to the InternetSetOption to set the client 
    > certificate. Perhaps the cert does not need to be installed but can simply 
    > be used in the above mentioned API for SSL communication?
    > Regardless, any pointers to some sample code to install root certificate/ 
    > certificate chain would be greatly appreciated.
    > Thanks for the help... 

  • Next message: lelteto: "RE: More about sign CSP"